v4.12.0
Security
- Update golang.org/x/net dep because of GO-2024-2687 by @aldas in https://github.com/labstack/echo/pull/2625
Enhancements
- binder: make binding to Map work better with string destinations by @aldas in https://github.com/labstack/echo/pull/2554
- README.md: add Encore as sponsor by @marcuskohlberg in https://github.com/labstack/echo/pull/2579
- Reorder paragraphs in README.md by @aldas in https://github.com/labstack/echo/pull/2581
- CI: upgrade actions/checkout to v4 by @aldas in https://github.com/labstack/echo/pull/2584
- Remove default charset from 'application/json' Content-Type header by @doortts in https://github.com/labstack/echo/pull/2568
- CI: Use Go 1.22 by @aldas in https://github.com/labstack/echo/pull/2588
- binder: allow binding to a nil map by @georgmu in https://github.com/labstack/echo/pull/2574
- Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail Explanation regarding BasicAuthValidator by @RyoKusnadi in https://github.com/labstack/echo/pull/2461
- fix some typos by @teslaedison in https://github.com/labstack/echo/pull/2603
- fix: some typos by @pomadev in https://github.com/labstack/echo/pull/2596
- Allow ResponseWriters to unwrap writers when flushing/hijacking by @aldas in https://github.com/labstack/echo/pull/2595
- Add SPDX licence comments to files. by @aldas in https://github.com/labstack/echo/pull/2604
- Upgrade deps by @aldas in https://github.com/labstack/echo/pull/2605
- Change type definition blocks to single declarations. This helps copy… by @aldas in https://github.com/labstack/echo/pull/2606
- Fix Real IP logic by @cl-bvl in https://github.com/labstack/echo/pull/2550
- Default binder can use
UnmarshalParams(params []string) error
inter… by @aldas in https://github.com/labstack/echo/pull/2607 - Default binder can bind pointer to slice as struct field. For example
*[]string
by @aldas in https://github.com/labstack/echo/pull/2608 - Remove maxparam dependence from Context by @aldas in https://github.com/labstack/echo/pull/2611
- When route is registered with empty path it is normalized to
/
. by @aldas in https://github.com/labstack/echo/pull/2616 - proxy middleware should use httputil.ReverseProxy for SSE requests by @aldas in https://github.com/labstack/echo/pull/2624
- @marcuskohlberg made their first contribution in https://github.com/labstack/echo/pull/2579
- @doortts made their first contribution in https://github.com/labstack/echo/pull/2568
- @georgmu made their first contribution in https://github.com/labstack/echo/pull/2574
- @RyoKusnadi made their first contribution in https://github.com/labstack/echo/pull/2461
- @teslaedison made their first contribution in https://github.com/labstack/echo/pull/2603
- @pomadev made their first contribution in https://github.com/labstack/echo/pull/2596
- @cl-bvl made their first contribution in https://github.com/labstack/echo/pull/2550
Full Changelog: https://github.com/labstack/echo/compare/v4.11.4...v4.12.0
v4.11.4 upgrade dependencies
Security
Enhancements
- Update deps and mark Go version to 1.18 as this is what golang.org/x/* use #2563
- Request logger: add example for Slog https://pkg.go.dev/log/slog #2543
v4.11.0
Fixes
- Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer #2409
- Fix
group.RouteNotFound
not working when group has attached middlewares #2411 - Fix global error handler return error message when message is an error #2456
- Do not use global timeNow variables #2477
Enhancements
- Added a optional config variable to disable centralized error handler in recovery middleware #2410
- refactor: use
strings.ReplaceAll
directly #2424 - Add support for Go1.20
http.rwUnwrapper
to Response struct #2425 - Check whether is nil before invoking centralized error handling #2429
- Proper colon support in
echo.Reverse
method #2416 - Fix misuses of a vs an in documentation comments #2436
- Add link to slog.Handler library for Echo logging into README.md #2444
- In proxy middleware Support retries of failed proxy requests #2414
- gofmt fixes to comments #2452
- gzip response only if it exceeds a minimal length #2267
- Upgrade packages #2475
v4.10.0
Security
We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.
JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (
github.com/golang-jwt/jwt
) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.This minor version bumps minimum Go version to 1.17 (from 1.16) due
golang.org/x/
packages we depend on. There are several vulnerabilities fixed in these libraries.Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.
Enhancements
- Bump x/text to 0.3.8 #2305
- Bump dependencies and add notes about Go releases we support #2336
- Add helper interface for ProxyBalancer interface #2316
- Expose
middleware.CreateExtractors
function so we can use it from echo-contrib repository #2338 - Refactor func(Context) error to HandlerFunc #2315
- Improve function comments #2329
- Add new method HTTPError.WithInternal #2340
- Replace io/ioutil package usages #2342
- Add staticcheck to CI flow #2343
- Replace relative path determination from proprietary to std #2345
- Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
- Add testcases for some BodyLimit middleware configuration options #2350
- Additional configuration options for RequestLogger and Logger middleware #2341
- Add route to request log #2162
- GitHub Workflows security hardening #2358
- Add govulncheck to CI and bump dependencies #2362
- Fix rate limiter docs #2366
- Refactor how
e.Routes()
work and introducee.OnAddRouteHandler
callback #2337